Skip to content

Pilot metdata verification #10578

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
cjmartian merged 25 commits into from
Mar 30, 2021
Merged

Pilot metdata verification #10578

cjmartian merged 25 commits into from
Mar 30, 2021

Conversation

@chenghlee
Copy link
Contributor

@chenghlee chenghlee commented Mar 29, 2021

Allow conda to verify metadata signatures when the extra_safety_checks configuration option is set to True and the conda-content-trust package is installed in the base environment.

chenghlee and others added 21 commits December 15, 2020 16:57
@chenghlee
Add marker comments for artifact verification (CAR) integration
1d42672
@awwad
Add dev root metadata to conda.base.constants as INITIAL_TRUST_ROOT
45409a1 
with a bunch of comments on the nature and future disposition of
the data.

Signed-off-by: Sebastien Awwad <[email protected]>
@awwad
Framework for retrieving & verifying root/key_mgr trust metadata
7134562 
Signed-off-by: Sebastien Awwad <[email protected]>
@chenghlee
[POC] update root, key manager data from channel
b72a1a6
@chenghlee
[POC] add package metadata (repodata.json) verification
6323b01
@chenghlee
[POC] warn when installing packages with no/bad signatures
c92f853
@awwad
minor bugfix: do not error out if key_mgr is unavailable
2c2bdc9 
Signed-off-by: Sebastien Awwad <[email protected]>
@chenghlee
Tweak signature status messages
f2b29b5 
Based on feedback from product, don't show message for unsigned metadata
but do show warm fuzzy message for correctly signed metadata.
@chenghlee
Handle servers not returning JSON data
ef1e95f
@chenghlee
Fix fallback to loading key_mgr data from disk
fa23146 
Forgot a module path component when calling `load_metadata_from_file`
@chenghlee
"Better" handling when fetching key_mgr.json
88f4d39 
Use a catch-all block so failing to get a valid, updated `key_mgr.json`
doesn't cause conda to crash and burn.
@chenghlee
Add config option for signing metadata base URL
6de43ad 
Allow the user to configure the base URL to look for `*.root.json` and
`key_mgr.json`, rather than assuming these required files are in the
base directory of each channel (i.e., when `channeldata.json` lives).
This better fits how we anticipate deploying these files as the artifact
verification feature goes into production.
@chenghlee
Handle key_mgr trust data not being properly initialized
e107a0f 
Protect against cases where the user has requested metadata signature
verification but no key manager trust metadata is available; e.g., a
user has turned this feature on for the first time, but no trust
metadata can be obtained for the repository they're using.
@chenghlee
Suppress use of Anaconda tokens to obtain AV trust metadata
4a33a9f 
Package signing trust metadata should be publicly available and not
protected by a token; suppressing the existing authentication mechanisms
ensures users can obtain these trust metadata even when they've set the
`add_anaconda_token` conda configuration option to True.
@chenghlee
"Ignore" 404 errors when fetching root.json
49d25ef 
These are actually an indication that no updates are available and are
not real errors.
@chenghlee
Change car references to cct
cd3eeda 
Reflects name change of the `conda-authentication-resources` package to
`conda-content-trust`.
@chenghlee
Warn if conda-content-trust is needed but not installed
9005ea1
@chenghlee
Create etc/conda, as needed
f0f00b6 
`conda build` currently does not allow packages to include empty
directories, so we may need to create `etc/conda` at runtime for storing
artifact verification metadata (`*.root.json`, `key_mgr.json`).

Also, separate `_refresh_*` operations into individual functions to
improve code clarity.
@chenghlee
Merge branch 'master' into metadata-verification
b648173
@chenghlee
Guard against bogus *.root.json filenames
e7b31b8 
Prevent conda from crashing when `etc/conda` contains files whose names
end with `.root.json` but do not contain just digits in their prefix.
@chenghlee
Update to production trust anchor
b3e88df
@chenghlee chenghlee requested a review from a team March 29, 2021 22:16
@anaconda-issue-bot anaconda-issue-bot added the cla-signed [bot] added once the contributor has signed the CLA label Mar 29, 2021
@chenghlee
Fix flake8 errors
404b8d1
@chenghlee
Clean up conda-content-trust imports
e670fda 
Switch to `from ... import ...` structure to reduce awkward looking
function names.
@chenghlee chenghlee added this to the 4.10.0 milestone Mar 29, 2021
@chenghlee
Categorize signing_metadata_url_base config parameter
696a2bd 
Fixes a failing unit test and provides users with a (semi-)useful
description of what this parameter actually does.
@awwad
Copy link
Contributor

awwad commented Mar 29, 2021

Looks good to me. :) 👍

cjmartian
cjmartian approved these changes Mar 30, 2021
View reviewed changes
Copy link
Contributor

@cjmartian cjmartian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me.

@cjmartian cjmartian merged commit f2be3ed into conda:master Mar 30, 2021
@awwad
Copy link
Contributor

awwad commented Apr 5, 2021

Lesson: when reviewing, clarify what you have reviewed. One of us should have started a clean environment using this PR branch and installed from scratch. We would have found that conda-content-trust is always treated as not installed.... (I'm puzzled, I would have thought I'd done that, but... I guess I must have used my existing environment.) Missed a bug introduced in a typo in e670fda.

@chenghlee chenghlee deleted the metdata-verification branch April 8, 2021 00:42
@github-actions
Copy link

github-actions bot commented Apr 13, 2022

Hi there, thank you for your contribution!

This pull request has been automatically locked because it has not had recent activity after being closed.

Please open a new issue or pull request if needed.

Thanks!

@github-actions github-actions bot added the locked [bot] locked due to inactivity label Apr 13, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 13, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@cjmartian cjmartian cjmartian approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

cla-signed [bot] added once the contributor has signed the CLA locked [bot] locked due to inactivity

Projects

None yet

Milestone

4.10.0

Development

Successfully merging this pull request may close these issues.

4 participants

@chenghlee @awwad @cjmartian @anaconda-issue-bot